Why Open Source Intelligence Needs to Be Part of Your Risk Awareness Strategy

By Pete O'Dell, Swan Island Networks on May 27, 2021 |

Summary:

Open-source intelligence (OSINT) is a critical part of your risk profile. Properly assimilated and used, this intelligence can be extremely useful to your organization in recognizing threats and risks proactively and helping to protect lives (people), assets (buildings and fleets), operational continuity (business resilience) and reputation (brand).

Retrospective:

Pete O'Dell headshot
Pete O’Dell, Swan Island Networks

If you are 40 years or older, you likely remember going to the library to research something for school or work. You might start with the encyclopedia and then go on to the card catalog, which used the Dewey Decimal System to catalog subjects and authors. Next stop: industry indexes that were (hopefully) not too out of date for your purposes. And remember how difficult – h  how clumsy – microfiche archives of newspaper and magazine articles were?

Those days are gone, thankfully, replaced by a different problem: a continuously growing ocean of information that’s available to you instantly, in a plethora of different formats.

Let’s examine some of the elements of using OSINT as a critical element in your risk awareness efforts.

For the purposes of this article, we are going to assume you already have a threat matrix of events that could impact your organization, along with a plan for who’s in charge in different areas when a threat materializes. We will focus on direct physical threats, leaving cyber, competitive, financial, supply chain and compliance for another day. These physical security threats could be natural, like severe weather, fire, earthquakes, volcanoes, flooding and more. They could also come from non-natural sources; such threats would include theft, sabotage, terrorism, power outages, civil unrest and so many more. Many of the points made apply to other risk areas. 

The Who, What, Where, Why and How of OSINT

  • What: OSINT is information that is overtly available to anyone and can come from news media, social media, YouTube, sensors, government sites, publicly available cameras and many other sources. Traditionally, sources were text-based. Today, more information is in non-textual formats, such as video, audio and photos. Publishing and consumption have become instantaneous. Many more near real-time sources exist now, both trusted (e.g., the National Oceanic and Atmospheric Administration (NOAA) and the U.S. Geological Survey) and those needing verification (e.g., raw Tweets).
  • Why: Things you don’t know can hurt your organization, and investing the time to prepare so you can prevent and respond will help mitigate impacts. In today’s connected world, “not knowing” is a really poor excuse for failure on the part of someone tasked with protecting the organization.
  • When: OSINT is being published continuously, 24 hours a day, 365 days a year. The amount of information is expanding globally at a very rapid pace, making tools for mining information critical to your organization.
  • Where: The geolocation of the information is an important element of some OSINT. Knowing a magnitude 7.8 earthquake just happened is useless if you cannot correlate that it occurred on land 7.5 miles from your Alaskan office. Adding the coordinates make the information far more actionable.
  • Who: Organizations can waste an incredible amount of time and money if everyone is randomly browsing the web and other sources for information, and such a random approach can cause big gaps in risk awareness. Identify who should be responsible; give them the tools to execute; automate wherever possible; and ensure that the collection, analysis and distribution of any OSINT is aligned with the organization’s potential risks and approved strategy.
  • How: Collecting, analyzing and acting upon OSINT is key to reducing your risk profile. Depending on your organizational size, geographic distribution and risk appetite, the effort can range from part-time to a dedicated 24/7 professional staff, usually located in a security operations center. A wide range of tools and subscriptions are available in both the public domain and by solution providers that can cover a hyperlocal area (20 square blocks in Manhattan) or deliver worldwide coverage.

Best Practices for Using Open-Source Intelligence

As you apply OSINT to your risk and security program, make sure to be mindful of these best practices:

  • Urgency: Every second counts when dealing with emerging risks. Plan and act accordingly. The world is only getting faster.
  • Sharing: Sharing the effort with others in your industry and regions can save everyone time. InfraGard, an FBI-sponsored public-private partnership, is an example to be emulated.
  • All sources are not equal: An alert from NOAA is very different from a raw Tweet by someone you do not know. Caveat emptor (buyer beware) is important, even if the information is freely available. Trusted sources verify and edit before publishing; influencers may not.
  • Disinformation: We have seen an increasing trend toward disinformation, especially in the political arena, so be careful to validate your sources and correlate important insights with other sources.
  • Interoperability:  RSS, GeoRSS, Common Alerting Protocol and other standards allow machines to accumulate and process inbound sources in an increasingly automated way.
  • Semantics: Phrases like “the bomb” and “Paris Hilton” can have vastly different meanings depending on the context of the message. Smart screening and curation are highly advised.

Future Intelligence Sources

The development of intelligence sources is not slowing down, but there are some key technology changes that will shape how the intelligence is gathered and interpreted. Here is what to look for:

  • Artificial Intelligence (AI): AI is an overused term right now, with a lot of injected hype and confusion. AI capabilities will permeate information collection and processing over the coming years in many ways. A simple example: discerning and appending the geolocation of a news article will enable correlation to an organization’s physical assets.
  • Intelligent video: A limitation of video monitoring in the past has been someone having to watch it – one of the all-time boring tasks. New generations of cameras with embedded AIs will alert people to events automatically, separating out the difference between a hug and an assault. This means more time for response.
  • Sensors: Sensors and the “things” in the Internet of Things network have been getting smaller, faster, cheaper and more connected. With the advent of IP access to every inch of the globe through systems like StarLink from SpaceX, expect many more monitoring capabilities.
  • Translation: Major browsers today let the end user translate any text into their native language, and this capability will only expand into real-time processing and analysis capabilities.

Conclusion:

Sifting data to separate OSINT from noise can provide vital awareness to minimize risk – if you use it to scan the horizon and identify known issues and threats as early as possible. Many organizations have stepped up their efforts during the COVID-19 pandemic and recent civil unrest, creating formal organizational intelligence functions and moving toward a more integrated risk management posture. As Benjamin Franklin noted a long time ago, “an ounce of prevention is worth a pound of cure.”

About the Author:

Pete O’Dell (pete.odell@swanisland.net) is the CEO of Swan Island Networks, makers of TX360 and TX Global, both real-time situational awareness cloud platforms for Fortune 1000 and small and medium-sized business. The TX platforms deliver real-time situational intelligence from six continents to organizations that want to be proactive about protecting lives, property, operations and reputation.